WebAuthn - Cant register a device if Bitwarden extension is logged in

[uniQuk]

Version

5.0.2

Details & Steps to reproduce

After setting up 2FAuth getting a proper SSL. In Chrome & Brave when registering a new WebAuthn device I get a red banner that says: "Uknown Error". I tried in Edge and Firefox both worked and also on Mobile Safari. I also tried on another Edge profile and got the same error. After disabling extensions one by one being logged into Bitwarden produces the unknown error.

Disabling Bitwarden in Chrome and Brave also worked. Renabling it will work until you are logged in.

Tested

Expectation

Bowser popup "Windows Security" asking for PIN/Security Key or more choices etc.

Error & Logs

Date: Sun, 31 Dec 2023 21:38:30 +0000
userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
Version: 5.0.1
Environment: local
Install path: /
Debug: false
Cache driver: file
Log channel: daily
Log level:
DB driver: sqlite
PHP version: 8.1.22
Operating system: Linux
interface: fpm-fcgi

Execution environment

version: "3.9"

networks: web: external: true

services: 2fauth: image: 2fauth/2fauth container_name: 2fauth volumes:

• ./2fauth:/2fauth environment:
• APP_NAME=2FAuth
• APP_ENV=local
• SITE_OWNER=[scrubbed]
• APP_KEY=[scrubbed]
• APP_URL=https://[scrubbed]
• LOG_CHANNEL=daily
• LOG_LEVEL=notice
• DB_DATABASE="/srv/database/database.sqlite"
• CACHE_DRIVER=file
• SESSION_DRIVER=file
• AUTHENTICATION_GUARD=web-guard
• WEBAUTHN_NAME=2FAuth
• WEBAUTHN_USER_VERIFICATION=preferred
• TRUSTED_PROXIES=*
• BROADCAST_DRIVER=log
• QUEUE_DRIVER=sync
• SESSION_LIFETIME=120
• REDIS_HOST=127.0.0.1
• REDIS_PASSWORD=null
• REDIS_PORT=6379
• PUSHER_APP_ID=
• PUSHER_APP_KEY=
• PUSHER_APP_SECRET=
• PUSHER_APP_CLUSTER=mt1
• MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
• MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
• MIX_ENV=local

  - CF_DNS_API_TOKEN=[scrubbed]

  networks:

• web labels:
• traefik.enable=true
• traefik.http.routers.2fauth.rule=Host([scrubbed]) || Path(/2fauth)
• traefik.http.routers.2fauth.entrypoints=websecure
• traefik.http.routers.2fauth.tls.certresolver=default

Containerization

• [X] Docker

Additional information

Tested with 5.0.0, 5.0.1, 5.0.2 Tested registering on: https://webauthn.io/ - I noticed Biwarden "hijacks" if you will the Passkey popup. When Bitwarden is not on the default popup is Browser/Web. I assume this initial passkey interaction is what's causing the issue.

[Bubka]

The error comes from the Bitwarden js. A fix will be released mid January, in version 2024.1 of BW (see https://github.com/bitwarden/clients/issues/7141#issuecomment-1871186500)

FYI, this only affects the registration process, so you can register your device using another browser or with the extension disabled, then go back to your daily setup for login, it should work.

[DaviPtrs]

Go to bitwarden extension -> settings -> Options and Disable the box "Ask to save and use passkeys"

This allows you to register without disabling the extension